Tagdiv

Tagdiv Composer

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-39712

  • EPSS 0.04%
  • Veröffentlicht 08.04.2026 08:30:48
  • Zuletzt bearbeitet 08.04.2026 21:26:13

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3.

6.5

CVE-2026-39692

  • EPSS 0.03%
  • Veröffentlicht 08.04.2026 08:30:44
  • Zuletzt bearbeitet 08.04.2026 21:26:13

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.

7.1

CVE-2025-50001

  • EPSS 0.04%
  • Veröffentlicht 19.03.2026 08:07:39
  • Zuletzt bearbeitet 01.04.2026 17:25:29

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

6.1

CVE-2025-50005

  • EPSS 0.04%
  • Veröffentlicht 22.01.2026 16:51:44
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

7.1

CVE-2025-62031

  • EPSS 0.03%
  • Veröffentlicht 06.11.2025 15:55:28
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.

6.5

CVE-2025-62030

  • EPSS 0.02%
  • Veröffentlicht 06.11.2025 15:55:27
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.

6.1

CVE-2025-2806

  • EPSS 0.53%
  • Veröffentlicht 08.05.2025 11:23:40
  • Zuletzt bearbeitet 04.06.2025 22:53:20

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This...

5.4

CVE-2025-3510

  • EPSS 0.15%
  • Veröffentlicht 02.05.2025 03:21:18
  • Zuletzt bearbeitet 06.05.2025 15:19:30

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

9.8

CVE-2024-13645

  • EPSS 2.23%
  • Veröffentlicht 04.04.2025 05:22:44
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is...

6.1

CVE-2025-1705

  • EPSS 0.25%
  • Veröffentlicht 28.03.2025 08:23:44
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for ...